BIND 9 in a chroot environment

simo idra at samba.org
Sat Mar 10 20:27:03 MST 2012


On Sat, 2012-03-10 at 19:43 -0500, Peter Clark wrote: 
> 
> On Mar 10, 2012, at 7:39 PM, Pavel Herrmann <morpheus.ibis at gmail.com> wrote:
> 
> > On Saturday 10 of March 2012 19:18:14 Peter Clark wrote:
> >> Hi,
> >> 
> >> 
> >> 
> >> I'm running Fedora 16 and as with Fedora for quite a while it runs BIND in a
> >> chroot environment. I'm curious if there's any new documentation or
> >> suggestions on how to configure this properly?  It seems that the libraries
> >> dlz_bind9.so requires aren't available to it in a chroot environment:
> >> 
> >> 
> >> 
> >> Mar 10 19:04:41 c3po named[13784]: dlz_dlopen failed to open library
> >> '/usr/local/samba/lib/bind9/dlz_bind9.so' - libpopt.so.0: cannot open shared
> >> object file: No such file or directory
> >> 
> >> 
> >> 
> >> Libpopt.so.0 is in /lib64. Mounting /lib64 into /var/named/chroot/lib64
> >> makes this problem go away but I'm sure there's a more elegant solution than
> >> mounting a whole bunch of system directories into the chroot jail?
> >> 
> >> 
> >> 
> >> Thanks in advance,
> >> 
> >> 
> >> 
> >> Peter
> > 
> > Hi,
> > 
> > Have you tried (hard)linking/copying only the required libs? I imagine there 
> > would be no other way - isolation is the point of chroot jail
> > 
> > Pavel
> 
> I started going down that road but after a number of files copied or linked into the jail I gave up. 
> 
> Is there a way to compile this as a static object instead of shared? That way it wouldn't need to go outside the jail. 

You would still need access to the ldb databases.

Your best bet is to yum uninstall bind-chroot

Simo.


-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
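
The "copy only the required libs" approach discussed in this thread comes down to checking every path `ldd` resolves against the jail root. The following is an added example, not part of the original messages; the function names and the sample `ldd` text are constructed for illustration, and it covers only link-time dependencies, not files opened at run time such as the ldb databases mentioned in the reply.

```shell
#!/bin/sh
# Added example: report which shared-library dependencies are absent from a
# chroot jail. Input is ldd-style text on stdin, so saved output can be checked.

# Constructed sample of ldd output (addresses and library set are made up).
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff5d3ff000)
    libpopt.so.0 => /lib64/libpopt.so.0 (0x00007f2b1c000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f2b1bc00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f2b1c400000)'

# ldd_paths: read ldd output on stdin, print the absolute path of every
# resolved dependency. Virtual objects (vdso) and "not found" lines are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # name => /path (addr)
        $1 ~ /^\//               { print $1 }        # /path/to/ld.so (addr)
    '
}

# jail_missing_libs JAIL_ROOT: read ldd output on stdin, print each host path
# that has no counterpart at JAIL_ROOT/<path>, sorted and de-duplicated.
jail_missing_libs() {
    local jail="${1%/}" path
    ldd_paths | LC_ALL=C sort -u | while IFS= read -r path; do
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# Direct use: script.sh /path/to/module.so /path/to/jail
# ldd can execute code from the inspected file, so run it only on trusted binaries.
if [ "$#" -eq 2 ]; then
    ldd "$1" | jail_missing_libs "$2"
fi
```

Each path it prints has its own dependencies and may be a symlink to a versioned file, which is why the list of files to place in the jail grows quickly.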


